Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

[CiscoPrime 2.0] SNMPv3 Privacy Type issues

Hello Cisco Community,

I tried to find a similar topic, but no luck.

So, I go ahead and discribe my problem.

We would like to switch from SNMPv2 to v3 and already added v3-setting to all devices with 3DES as privacy algorithm.

Now we would like to setup Prime 2.0 to communicate with the 3DES devices, but it's not possible to enable 3DES in Prime 2.0.

Below [1] , I added a list with all possible SNMPv3 privacy type settings in Prime 2.0 and LMS 4.2.3.

As you can see, I can't set 3DES for device discovery or the device setting.

Could you please tell me why I've to use with Prime 2.0 a low secure algorithm (DES or AES128) instead of 3DES or AES256?

And why is this setting available in LMS 4.2.3, I thought  Prime 2.0 is the replacement for LMS.

Thanks and Best,

Dennis & Thomas

[1]

Cisco Prime Infrastructure 2.0

# Administration  >  System Settings  >  SNMP Credentials  >  SNMP Credential Details

SNMPv3 Privacy Type: CBC-DES, CFB-AES-128, CFB-AES-192, CFB-AES-256

# Operate > Discovery > Discovery Settings > SNMPv3 Credential

SNMPv3 Privacy Type: DES, AES128

# Operate > Device Work Center > Edit selected Device > SNMP Parameters

SNMPv3 Privacy Type: CBC-DES, CFB-AES-128

Cisco Prime LMS 4.2.3

# Inventory > Device Administration > Add / Import / Manage Devices > Edit Credentials by selected Device

3. SNMP Credentials - Privacy Algorithm : DES, 3DES, AES128, AES192, AES256

Everyone's tags (5)
2 REPLIES
New Member

[CiscoPrime 2.0] SNMPv3 Privacy Type issues

Hey Guys,

any idear or maybe somebody can confirm this problem?

Thanks and Best

New Member

[CiscoPrime 2.0] SNMPv3 Privacy Type issues

Hi, I also found out that using SNMPv3 is a pain. using AES256 is not possible. AES128 is not proven using PI2.0. Using LMS 4.2.x works fine.

It seems to work when discovering and syncing using snmpv3 but lateron it is broken again. Strange behaviour.

I'm very interested in the follow up on this.

feature request:

- better logging to troubleshoot this

- AES 256 should be an selectable option to use

- enhance SNMP communication between switches and PI

regards

Ad

451
Views
0
Helpful
2
Replies